Mobile

10/24/2017
01:30 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Samsung SDS America Adds BioCatch Behavioral Biometrics to Nexsign Platform to Enable Secure, Frictionless Mobile Experiences

Groundbreaking Fintech Partnership Addresses Market Demand For Continuous, Strong Identity Assurance Within Mobile Banking and Payment Applications

NEW YORK, NY (October 23, 2017) – BioCatch, the global leader in behavioral biometrics, announced today that it has teamed up with Samsung SDS, a global software solutions and IT services company, to integrate behavioral biometrics into its solution, creating an innovative, more powerful layer of fraud protection that works beyond the initial login process. The strategic partnership was made public during this year’s Money 20/20 conference in Las Vegas, NV.

BioCatch’s unique technology will be integrated into and complement Nexsign, Samsung SDS’s FIDO-certified, enterprise-grade biometric authentication software. The integration will fill the major security loopholes exposed when seamless interfaces of today’s most popular mobile applications don’t require a user to login multiple times to validate their identity.  BioCatch will use risk-based authentication to continuously monitor Samsung SDS’ users by mapping their behavioral patterns after log-in, to better distinguish between an authorized user, and that of an unauthorized user or an automated BOT or malware.

“Innovations in fintech have given ease to day-to-day tasks such as, banking, transactions, withdrawals and money transfers. Today’s leading brands have made managing finances a social and adoptable experience matching today’s digitally savvy consumers,” said Eyal Goldwerger, Chief Executive Officer at BioCatch. “However, given how sophisticated fraudsters are today, the consumer-grade authentication protocols that exist leave open the real possibility of account takeovers. In fact, all the fraud that BioCatch finds today, comes from within authenticated sessions, prompted by malware, social engineering and other sophisticated attacks that circumvent the login method entirely. As a result, security continues to be a major factor holding back the full potential of mobile banking and payments, especially when taking into consideration the equally important demand for a seamless user experience. Through Nexsign and our partnership, Samsung has created the platform that resolves this constant battle.”

Adding BioCatch behavioral biometrics complements the FIDO framework. The technology validates users by who they are via their interactions with an online application, rather than by what they know (e.g., passwords or security questions). At its core, the system analyzes more than 500 different behavioral parameters during a session to determine whether the user is in fact the genuine user and not a human imposter, malware or a bot. Now, once a user logs onto a mobile app, the system will be able to recognize if the session has been hijacked, and will require a step-up authentication, or an additional biometric test in order to complete the transaction. This could require the user to present one or more biometric modalities, such as fingerprint coupled with face or voice, depending on the transaction amount.

“The vision of Nexsign is to make passwords obsolete and give users a way to authenticate themselves safely and securely with biometrics. While physical biometrics provide an excellent way to do this at login, and other points within the app through step-up authentication, behavioral biometrics is the perfect complement to provide continuous authentication inside a session.  The BioCatch technology relies on a broad array of parameters, and is able to detect both human and non-human imposters inside a session that would otherwise be impossible to identify with traditional means. We are excited for this partnership and the combined offering that we can deliver to our customers,” said Richard Lobovsky, VP of Enterprise Solutions at Samsung SDS America.

Companies are relying on ineffective passwords or two-factor authentication by phone call, or text push notification to better validate users and are still being hacked.  The average fraudulent transaction is currently priced at around $130 for mobile transactions and $115 for tablets. Additionally, 55 percent of consumers use the same passwords for online banking, emails and social media accounts making it easier for fraudsters to guess the user’s credentials, bypassing authentication steps and other login defenses. This strategic partnership between two industry leaders will seek to minimize that impact.

 

About BioCatch

BioCatch is a cybersecurity company that delivers behavioral biometrics analyzing human-device interactions to protect users and data. Banks and other enterprises use BioCatch to significantly reduce online fraud and protect against a variety of cyber threats, without compromising the user experience. With an unparalleled patent portfolio and deployments at major banks around the world that cover tens of millions of users to date, BioCatch has established itself as the industry leader. For more information, please visit www.biocatch.com.

 

About Samsung SDS America

Samsung SDS America (SDSA) is the U.S. subsidiary of Samsung SDS, a global IT solutions company. SDSA provides purpose-built technology solutions in the areas of enterprise mobility, security, advanced analytics, mobile sales productivity, and training. We enable our customers in the public sector, finance, retail, and other industries to achieve greater freedom, more operational efficiency, and smarter decision making as the driving force for their competitive advantage. SDSA is headquartered in Ridgefield Park, NJ, with offices in Herndon, VA, and San Jose, CA. For more information on Samsung SDS Nexsign, please email [email protected]

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
5 Reasons the Cybersecurity Labor Shortfall Won't End Soon
Steve Morgan, Founder & CEO, Cybersecurity Ventures,  12/11/2017
BlueBorne Attack Highlights Flaws in Linux, IoT Security
Kelly Sheridan, Associate Editor, Dark Reading,  12/14/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security: 2017
A look at the biggest news stories (so far) of 2017 that shaped the cybersecurity landscape -- from Russian hacking, ransomware's coming-out party, and voting machine vulnerabilities to the massive data breach of credit-monitoring firm Equifax.
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.